Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Radsec client Certificate can't upload

  • 1.  Radsec client Certificate can't upload

    Posted 10 days ago

    Hello,

    I am currently configuring an Aruba 6000 switch for a Radsec connection. I'm trying to upload my certificate generated by SCEPman for client authentication, and I keep getting this error:

    Moreover, it remains in its "csr_pending" state.

    Do you have any ideas?

    Thank you in advance.



  • 2.  RE: Radsec client Certificate can't upload

    EMPLOYEE
    Posted 9 days ago

    I generally use the inbuilt device certificate of CX switches for Radsec.



    ------------------------------
    If my post was useful accept solution and/or give kudos.
    Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
    ------------------------------



  • 3.  RE: Radsec client Certificate can't upload

    Posted 9 days ago

    Hi,

    Thanks for your response. If I use the inbuilt device certificate, how will it be able to be authenticated for the Radsec connection?

    Because the certification authority will not recognize this certificate.




  • 4.  RE: Radsec client Certificate can't upload

    EMPLOYEE
    Posted 9 days ago

    Check this short guide for "Radsec and Aruba ClearPass – Part2".

    But basically, on the switch you configure it to use its device certificate for Radsec and then import the CA certificate that signed ClearPass's Radsec cert (assuming you are using ClearPass at the other end of Radsec). Also note that ClearPass already has the CA certificate that signed the device cert for switches and APs; all you have to do is enable it.






  • 5.  RE: Radsec client Certificate can't upload

    Posted 9 days ago

    Okay, thank you, I understand why. The problem is that I'm not using ClearPass at the other end of Radsec. Is there a specific way or format to upload a certificate to the switch?




  • 6.  RE: Radsec client Certificate can't upload

    EMPLOYEE
    Posted 9 days ago

    You can refer to the PKI section of the security guide for CX6000 switches.






  • 7.  RE: Radsec client Certificate can't upload

    Posted 3 days ago

    I followed the prerequisites for the certificate to be imported in the documentation you provided, but unfortunately, I still get the same error; it does not accept the certificate at all.

    Do you have any ideas, because I admit I'm running out of them ^^




  • 8.  RE: Radsec client Certificate can't upload

    EMPLOYEE
    Posted yesterday

    It's probably something in the certificate, which is hard to pinpoint without having access to it. The switch logs may provide some additional information.

    If you follow the documentation, it's expected to work. Your Aruba partner or TAC may be able to assist you in analyzing the certificate or checking the switch logs.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 9.  RE: Radsec client Certificate can't upload

    Posted 4 hours ago

    As per the error message, there is something wrong with the format of the private key you want to import.

    You can try importing the cert via the CLI. It needs to be in PEM format.

    Best, Gorazd 



    ------------------------------
    Gorazd Kikelj
    MVP Guru 2024
    ------------------------------
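
A pre-flight check for the PEM requirement mentioned in the last reply, as an added example that is not part of the thread or of any HPE Aruba documentation: it reports which PEM blocks a file contains and whether the private key is encrypted, and rejects binary DER/PKCS#12 input. The function name and the sample data are constructed for illustration, and the check does not encode the switch's own acceptance rules, which are in the PKI section of the security guide.

```python
import base64
import re

# RFC 7468 textual encoding: -----BEGIN <label>----- base64 -----END <label>-----
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\n(.*?)\n-----END \1-----", re.S)

def inspect_pem(data: bytes) -> list:
    """Return one record per PEM block in data; raise ValueError if it is not PEM."""
    if data[:1] == b"\x30":
        # 0x30 is the ASN.1 SEQUENCE tag that opens raw DER and PKCS#12 files
        raise ValueError("binary DER/PKCS#12 data, not PEM text")
    try:
        text = data.decode("ascii").replace("\r\n", "\n")
    except UnicodeDecodeError as exc:
        raise ValueError("non-ASCII bytes, not PEM text") from exc
    records = []
    for label, body in PEM_BLOCK.findall(text):
        # Legacy OpenSSL encrypted keys put "Proc-Type:" headers and a blank
        # line ahead of the base64 payload
        headers, sep, payload = body.partition("\n\n")
        if not sep:
            headers, payload = "", body
        # validate=True rejects stray characters instead of silently skipping them
        der = base64.b64decode("".join(payload.split()), validate=True)
        records.append({
            "label": label,
            "private_key": label.endswith("PRIVATE KEY"),
            "encrypted": label == "ENCRYPTED PRIVATE KEY" or "ENCRYPTED" in headers,
            "der_bytes": len(der),
        })
    if not records:
        raise ValueError("no complete PEM block found")
    return records

# Constructed sample: each payload is a 5-byte placeholder, not a real key or certificate
SAMPLE = (b"-----BEGIN CERTIFICATE-----\nMAMCAQA=\n-----END CERTIFICATE-----\n"
          b"-----BEGIN ENCRYPTED PRIVATE KEY-----\nMAMCAQA=\n"
          b"-----END ENCRYPTED PRIVATE KEY-----\n")

if __name__ == "__main__":
    for rec in inspect_pem(SAMPLE):
        print(rec)
```

Run it against the exported file's bytes before attempting the import; a `ValueError` or an unexpected label (for example an encrypted key block) points at what to convert.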